We present a framework for specification and security analysis of communication protocols for mobile wireless networks. This setting introduces new challenges that classical protocol analysis techniques do not address. The main complication stems from the fact that the actions of intermediate nodes and their connectivity can no longer be abstracted into a single unstructured adversarial environment, as they form an inherent part of the system's security. In order to model this scenario faithfully, we present a broadcast calculus which makes a clear distinction between the protocol processes and the network's connectivity graph, which may change independently of protocol actions. We identify a property characterising an important aspect of security in this setting and express it using behavioural equivalences of the calculus. We complement this approach with a control flow analysis which enables us to automatically check this property on a given network and attacker specification.
Sometimes debates on programming languages are more religious than scientific. Questions about which language is more succinct or efficient, or makes developers more productive, are discussed with fervor, and their answers are too often based on anecdotes and unsubstantiated beliefs. In this study, we use the largely untapped research potential of Rosetta Code, a code repository of solutions to common programming tasks in various languages, to draw a fair and well-founded comparison. Rosetta Code offers a large data set for analysis. Our study is based on 7087 solution programs corresponding to 745 tasks in 8 widely used languages representing the major programming paradigms (procedural: C and Go; object-oriented: C# and Java; functional: F# and Haskell; scripting: Python and Ruby). Our statistical analysis reveals, most notably, that: functional and scripting languages are more concise than procedural and object-oriented languages; C is hard to beat when it comes to raw speed on large inputs, but performance differences over inputs of moderate size are less pronounced and allow even interpreted languages to be competitive; compiled strongly-typed languages, where more defects can be caught at compile time, are less prone to runtime failures than interpreted or weakly-typed languages. We discuss implications of these results for developers, language designers, and educators.
Many novel programming models for concurrency have been proposed in the wake of the multicore computing paradigm shift. These models aim to raise the level of abstraction for expressing concurrency and synchronization in a program, thereby helping programmers avoid programming errors. This goal, however, causes the semantics of the models to become ever more complex and increases the risk of design flaws. Such flaws can have costly consequences if they are discovered after compiler and runtime support has been developed. It is therefore beneficial to verify the models beforehand. This thesis proposes to prototype concurrency models using executable formal specifications. The prototype is useful from the beginning to the end of a model development. Initially, developers can use the prototype to test and correct the core of the model. As the development continues, developers can expand the prototype iteratively. For each extension, they enhance the specification, test the extension against the rest of the model, and apply corrections where necessary. Once the development is completed, the prototype serves as a reference. This thesis applies the prototyping method to SCOOP, an object-oriented concurrency model. It demonstrates how the method facilitates the process of finding and resolving flaws in SCOOP and two extensions. In particular, it applies the method to extend SCOOP with (1) an exception mechanism to handle exceptions resulting from asynchronous calls and (2) a mechanism for fast and safe data sharing, reducing execution time by several orders of magnitude on data-intensive parallel programs. This effort results in 16 clarifications across various aspects, all included in a comprehensive executable formal specification in Maude. This thesis also presents new SCOOP-specific performance metrics and a technique to compute them from event traces. Having a verified concurrency model does not guarantee that programmers write efficient concurrent programs. It is hence necessary to provide performance analysis tools that assist programmers in their task. Since SCOOP differs considerably from established models, reusing existing performance metrics is not an option. Instead, the new metrics are specifically designed for SCOOP. A case study on optimizing a robot control software demonstrates the usefulness of these metrics. As a result of this thesis, SCOOP has an executable formal specification for future SCOOP developers, new mechanisms for exception handling and data sharing, as well as SCOOP-specific performance metrics. Having demonstrated the benefits of the method on an extensive concurrency model, we believe that the method can also benefit other models, new or mature.
Administering and maintaining access control systems is a challenging task, especially in environments with complex and changing authorization requirements. A number of authorization logics have been proposed that aim at simplifying access control by factoring the authorization policy out of the hard-coded resource guard. However, many policies require the authorization state to be updated after a granted access request, for example, to reflect the fact that a user has activated or deactivated a role. Current authorization languages cannot express such state modifications; these still have to be hard-coded into the resource guard. We present a logic for specifying policies where access requests can have effects on the authorization state. The logic is semantically defined by a mapping to Transaction Logic. Using this approach, updates to the state are factored out of the resource guard, thus enhancing maintainability and facilitating more expressive policies that take the history of access requests into account. We also present a sound and complete proof system for reasoning about sequences of access requests. This gives rise to a goal-oriented algorithm for finding minimal sequences that lead to a specified target authorization state.
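The abstract above describes policies whose granted requests update the authorization state (role activation, recorded history) and an algorithm that finds minimal request sequences reaching a target state. The following is an added example, not the paper's code or its Transaction Logic encoding: a small constructed policy in which activating a role and submitting a purchase order change the state, approval enforces separation of duty against the recorded history, and a forward breadth-first search (standing in for the paper's proof-system-based goal-oriented algorithm) finds the shortest sequence of granted requests that reaches a target state or reports that none exists. All subjects, roles, facts and rules are assumptions made for the illustration.

```python
"""Added example (not the paper's code): a stateful authorization policy whose
granted requests update the state, plus a BFS for a minimal request sequence
that reaches a target state. All names and rules are constructed."""
from collections import deque
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Optional, Set, Tuple

Fact = Tuple[str, ...]            # e.g. ("active", "alice", "clerk")
State = FrozenSet[Fact]
Request = Tuple[str, str, str]    # (subject, action, object)


@dataclass(frozen=True)
class Rule:
    """Policy clause: if `guard(state, subject, object)` holds, the request is
    granted and the state is updated (facts in `removes` go, `adds` come in)."""
    action: str
    guard: Callable[[State, str, str], bool]
    adds: Callable[[str, str], Set[Fact]] = lambda s, o: set()
    removes: Callable[[str, str], Set[Fact]] = lambda s, o: set()


def has(state: State, *fact: str) -> bool:
    return tuple(fact) in state


def submitted_by_other(state: State, subj: str, po: str) -> bool:
    """History-dependent guard: `po` was submitted by someone other than `subj`."""
    return any(f[0] == "submitted" and f[2] == po and f[1] != subj for f in state)


# Constructed policy (hypothetical): role activation/deactivation changes the
# authorization state; submitting a purchase order is recorded as history;
# approval requires an active manager and separation of duty (the submitter
# may not approve their own order), which is checked against that history.
POLICY: List[Rule] = [
    Rule("activate",
         guard=lambda st, s, r: has(st, "member", s, r) and not has(st, "active", s, r),
         adds=lambda s, r: {("active", s, r)}),
    Rule("deactivate",
         guard=lambda st, s, r: has(st, "active", s, r),
         removes=lambda s, r: {("active", s, r)}),
    Rule("submit",
         guard=lambda st, s, po: has(st, "active", s, "clerk")
         and not any(f[0] == "submitted" and f[2] == po for f in st),
         adds=lambda s, po: {("submitted", s, po)}),
    Rule("approve",
         guard=lambda st, s, po: has(st, "active", s, "manager")
         and submitted_by_other(st, s, po),
         adds=lambda s, po: {("approved", s, po)}),
]

# Constructed initial state: memberships only, no role active, no history.
INITIAL: State = frozenset({
    ("member", "alice", "clerk"), ("member", "alice", "manager"),
    ("member", "bob", "manager"),
})
SUBJECTS = ["alice", "bob"]
# Finite request alphabet the search ranges over.
ALPHABET: List[Request] = (
    [(s, a, r) for s in SUBJECTS for a in ("activate", "deactivate") for r in ("clerk", "manager")]
    + [(s, a, "po1") for s in SUBJECTS for a in ("submit", "approve")]
)


def evaluate(policy: List[Rule], state: State, request: Request) -> Tuple[bool, State]:
    """Resource guard: first matching rule grants the request and yields the
    updated state; a denied request leaves the state unchanged."""
    subj, act, obj = request
    for rule in policy:
        if rule.action == act and rule.guard(state, subj, obj):
            return True, frozenset((set(state) - rule.removes(subj, obj)) | rule.adds(subj, obj))
    return False, state


def replay(policy: List[Rule], state: State, seq: List[Request]) -> State:
    """Apply a request sequence; raises if any request in it would be denied."""
    for req in seq:
        granted, state = evaluate(policy, state, req)
        if not granted:
            raise PermissionError(f"denied: {req}")
    return state


def minimal_sequence(policy: List[Rule], start: State, target: Set[Fact],
                     alphabet: List[Request]) -> Optional[List[Request]]:
    """BFS over reachable states: shortest sequence of granted requests after
    which every fact in `target` holds, or None if the target is unreachable.
    Requests that do not change the state (denied, or granted without effect)
    never advance the search and are skipped via the `seen` set."""
    if target <= start:
        return []
    seen = {start}
    queue = deque([(start, [])])
    while queue:
        state, path = queue.popleft()
        for req in alphabet:
            granted, nxt = evaluate(policy, state, req)
            if not granted or nxt in seen:
                continue
            if target <= nxt:
                return path + [req]
            seen.add(nxt)
            queue.append((nxt, path + [req]))
    return None


if __name__ == "__main__":
    print(minimal_sequence(POLICY, INITIAL, {("approved", "bob", "po1")}, ALPHABET))
    print(minimal_sequence(POLICY, INITIAL, {("approved", "alice", "po1")}, ALPHABET))
```

Run as-is, the first query yields a four-request sequence (alice activates clerk and submits po1, bob activates manager and approves), while the second returns None: alice could activate the manager role, but the separation-of-duty guard consults the recorded history and no other clerk exists to submit po1 for her. Because the state space here is finite, the search terminates; with unbounded history facts a bound on sequence length would be needed.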
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.